#vulnerability

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. ### Am I Vulnerable? This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. ### Affected Components - `gardener/gardener` ### Affected Versions - < v1.116.4 - < v1.117.5 - < v1.118.2 - < v1.119.0 ### Fixed Versions - &gt;= v1.116.4 - &gt;= v1.117.5 - &gt;= v1.118.2 - &gt;= v1.119.0 ### How do I mitigate this vulnerability? Update to a fixed version.

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. ### Am I Vulnerable? This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. ### Affected Components - `gardener/external-dns-management` ### Affected Versions - < 0.23.6 ### Fixed Versions - &gt;= 0.23.6 ### Important The `external-dns-management` component may also be deployed on the seeds by the https://github.com/gardener/gardener-extension-shoot-dns-service extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. ### How do I mitigate this vulnerability? Updat...

DDoSecrets indexes 410GB of breached TeleMessage data, including messages and metadata, from hack tied to unsecured Signal clone used by US government officials.

The UK Legal Aid Agency has suffered a major cyberattack, with “significant” sensitive data, including criminal records, stolen.…

### Summary A path traversal vulnerability in `PackageIndex` was fixed in setuptools version 78.1.1 ### Details ``` def _download_url(self, url, tmpdir): # Determine download filename # name, _fragment = egg_info_for_url(url) if name: while '..' in name: name = name.replace('..', '.').replace('\\', '_') else: name = "__downloaded__" # default if URL has no path contents if name.endswith('.[egg.zip](http://egg.zip/)'): name = name[:-4] # strip the extra .zip before download --> filename = os.path.join(tmpdir, name) ``` Here: https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 `os.path.join()` discards the first argument `tmpdir` if the second begins with a slash or drive letter. `name` is derived from a URL without sufficient sanitization. While there is some attempt to sanitize by replacing instanc...

### LibreNMS v25.4.0 suffers from Stored Cross-Site Scripting (XSS) Vulnerability in the 'group name' parameter of the 'http://localhost/poller/groups' form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. ## ---------------------------------POC----------------------------- Before Setting: Enable 'distributed_poller' in http://localhost/settings/poller/distributed 1. Attacker creates a new poller group and injects the payload in the 'group name' parameter ``` payload: <script>alert('XSS')</script> ``` 2. Victim navigates to the 'http://localhost/addhost' to add a new host 3. The payload is executed code sink: https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284

The ABB Cylon FLXeon BACnet controller suffers from a configuration poisoning vulnerability in the put() function of bbmdList.js, where the writeFile() function is invoked to persist user-controlled data (req.body.bipList and req.body.natList) directly into sensitive configuration files (/etc/bdt.txt and /etc/bdt2.txt). This write operation lacks input validation and integrity checks allowing an attacker to supply crafted JSON payloads to inject or overwrite trusted BACnet BBMD entries. As these files are critical for network configuration, exploitation may result in unauthorized network redirection, denial of service, or insertion of rogue nodes into the system, thereby undermining the integrity and security of OT network communications.

The ABB Cylon FLXeon BACnet controller is vulnerable to a path traversal flaw in its capture.js endpoint due to unsanitized user input being directly concatenated into a filesystem path. An attacker can exploit this by supplying crafted file names to access arbitrary files outside the intended var/ directory. Additionally, the use of Fs.unlinkSync() after serving the file introduces a destructive impact, allowing attackers to delete system or application files.

Make sure your Chrome is on the latest version, to patch against an actively exploited vulnerability that can be used to steal sensitive information from websites.

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to move and access or overwrite arbitrary files. The issue arises due to improper input validation in siteGuide.js, where user-supplied data is not properly sanitized, allowing directory traversal attacks.